Web Application Security course

A hands-on training for both cyber security and non-cyber security IT professionals

| Phase | Duration |
|---|---:|
| **Pre-assessment:** | 3 h |
| **Lab time for training:** | 20 h |
| **Post-assessment:** | 3 h |

  • Training consists of 12 modules. Average time to complete a module is 30 minutes. To help you master the skills you can replay all the labs for a total of 20 hours.
  • Find vulnerabilities and fix the code
  • Unlimited participants online
  • Participants will gain a lot more from the experience if they already know the basics of **bash commands**; **PHP** knowledge is also helpful

## Course description

Web Application Security Essentials (WASE) is an online simulation-based training for both development and DevOps teams. Every month participants will get access to three training modules and are expected to spend 2-4 hours in RangeForce’s Cyber Simulator.

Each participant gets access to the RangeForce training platform, where everyone has their own small isolated network with vulnerable servers and services. The environment aims to replicate a typical small business IT architecture.

After 4 months of training, the program participants will be asked to complete short monthly challenges. Players can apply their freshly obtained skills to solve the challenges. If they forget any of the application security concepts, they can take the training modules again. This learn-measure-learn cycle helps build up solid security skills and maintain them over time.

## Learning objectives

* find SQL injection (SQLi) attacks from log files;
* perform simple SQLi attacks such as authentication bypass, information gathering and data dumping using information_schema and union selects;
* avoid dynamic SQL if possible and use SQL prepared statements;
* find XSS attacks from log files;
* find reflected XSS, stored XSS and DOM based XSS from a sample webapp;
* fix the source code of the sample webapp for XSS errors;
* find and fix path traversals and command injections;
* fix cookie security, use HttpOnly and Secure flags;
* find and understand how insecure direct object reference works;
* find and demonstrate how file upload and inclusion can lead to system compromise;
* understand how passwords should be stored and demonstrate attack vectors against broken authentication/authorization systems;
* demonstrate how CSRF works and understand token based protection methods.

## 3 simple goals

* Assess your skill level
* Obtain new skills
* Have fun

## Skills measurement

It is very important to know whether a person has acquired the necessary skills and whether that person is able to apply those skills in a real-time stressful cyber incident. The RangeForce platform makes it possible to measure real skills.